package com.nimbusds.jwt.proc;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEDecrypter;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSVerifier;
import com.nimbusds.jose.crypto.factories.DefaultJWEDecrypterFactory;
import com.nimbusds.jose.crypto.factories.DefaultJWSVerifierFactory;
import com.nimbusds.jose.proc.BadJOSEException;
import com.nimbusds.jose.proc.BadJWEException;
import com.nimbusds.jose.proc.BadJWSException;
import com.nimbusds.jose.proc.DefaultJOSEObjectTypeVerifier;
import com.nimbusds.jose.proc.JOSEObjectTypeVerifier;
import com.nimbusds.jose.proc.JWEDecrypterFactory;
import com.nimbusds.jose.proc.JWEKeySelector;
import com.nimbusds.jose.proc.JWSKeySelector;
import com.nimbusds.jose.proc.JWSVerifierFactory;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.EncryptedJWT;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.JWTParser;
import com.nimbusds.jwt.PlainJWT;
import com.nimbusds.jwt.SignedJWT;
import java.security.Key;
import java.text.ParseException;
import java.util.List;
import java.util.ListIterator;

/* loaded from: classes2.dex */
public class DefaultJWTProcessor<C extends SecurityContext> implements ConfigurableJWTProcessor<C> {

    /* renamed from: a, reason: collision with root package name */
    private JOSEObjectTypeVerifier f16985a;

    /* renamed from: b, reason: collision with root package name */
    private JOSEObjectTypeVerifier f16986b;

    /* renamed from: c, reason: collision with root package name */
    private JWSKeySelector f16987c;

    /* renamed from: d, reason: collision with root package name */
    private JWTClaimsSetAwareJWSKeySelector f16988d;

    /* renamed from: e, reason: collision with root package name */
    private JWEKeySelector f16989e;

    /* renamed from: f, reason: collision with root package name */
    private JWSVerifierFactory f16990f;

    /* renamed from: g, reason: collision with root package name */
    private JWEDecrypterFactory f16991g;

    /* renamed from: h, reason: collision with root package name */
    private JWTClaimsSetVerifier f16992h;

    public DefaultJWTProcessor() {
        DefaultJOSEObjectTypeVerifier defaultJOSEObjectTypeVerifier = DefaultJOSEObjectTypeVerifier.f16581c;
        this.f16985a = defaultJOSEObjectTypeVerifier;
        this.f16986b = defaultJOSEObjectTypeVerifier;
        this.f16990f = new DefaultJWSVerifierFactory();
        this.f16991g = new DefaultJWEDecrypterFactory();
        this.f16992h = new DefaultJWTClaimsVerifier(null, null);
    }

    private JWTClaimsSet a(JWT jwt) {
        try {
            return jwt.t();
        } catch (ParseException e2) {
            throw new BadJWTException(e2.getMessage(), e2);
        }
    }

    private List m(JWSHeader jWSHeader, JWTClaimsSet jWTClaimsSet, SecurityContext securityContext) {
        if (f() != null) {
            return f().a(jWSHeader, jWTClaimsSet, securityContext);
        }
        if (d() != null) {
            return d().a(jWSHeader, securityContext);
        }
        throw new BadJOSEException("Signed JWT rejected: No JWS key selector is configured");
    }

    private JWTClaimsSet p(JWTClaimsSet jWTClaimsSet, SecurityContext securityContext) {
        if (g() != null) {
            g().a(jWTClaimsSet, securityContext);
        }
        return jWTClaimsSet;
    }

    public JWEDecrypterFactory b() {
        return this.f16991g;
    }

    public JWEKeySelector c() {
        return this.f16989e;
    }

    public JWSKeySelector d() {
        return this.f16987c;
    }

    public JWSVerifierFactory e() {
        return this.f16990f;
    }

    public JWTClaimsSetAwareJWSKeySelector f() {
        return this.f16988d;
    }

    public JWTClaimsSetVerifier g() {
        return this.f16992h;
    }

    public JWTClaimsSet h(EncryptedJWT encryptedJWT, SecurityContext securityContext) {
        JOSEObjectTypeVerifier jOSEObjectTypeVerifier = this.f16986b;
        if (jOSEObjectTypeVerifier == null) {
            throw new BadJOSEException("Encrypted JWT rejected: No JWE header typ (type) verifier is configured");
        }
        jOSEObjectTypeVerifier.a(encryptedJWT.k().e(), securityContext);
        if (c() == null) {
            throw new BadJOSEException("Encrypted JWT rejected: No JWE key selector is configured");
        }
        if (b() == null) {
            throw new JOSEException("No JWE decrypter is configured");
        }
        List b2 = c().b(encryptedJWT.k(), securityContext);
        if (b2 == null || b2.isEmpty()) {
            throw new BadJOSEException("Encrypted JWT rejected: Another algorithm expected, or no matching key(s) found");
        }
        ListIterator listIterator = b2.listIterator();
        while (listIterator.hasNext()) {
            JWEDecrypter a2 = b().a(encryptedJWT.k(), (Key) listIterator.next());
            if (a2 != null) {
                try {
                    encryptedJWT.f(a2);
                    if (!"JWT".equalsIgnoreCase(encryptedJWT.k().b())) {
                        return p(a(encryptedJWT), securityContext);
                    }
                    SignedJWT f2 = encryptedJWT.b().f();
                    if (f2 != null) {
                        return k(f2, securityContext);
                    }
                    throw new BadJWTException("The payload is not a nested signed JWT");
                } catch (JOSEException e2) {
                    if (!listIterator.hasNext()) {
                        throw new BadJWEException("Encrypted JWT rejected: " + e2.getMessage(), e2);
                    }
                }
            }
        }
        throw new BadJOSEException("Encrypted JWT rejected: No matching decrypter(s) found");
    }

    public JWTClaimsSet i(JWT jwt, SecurityContext securityContext) {
        if (jwt instanceof SignedJWT) {
            return k((SignedJWT) jwt, securityContext);
        }
        if (jwt instanceof EncryptedJWT) {
            return h((EncryptedJWT) jwt, securityContext);
        }
        if (jwt instanceof PlainJWT) {
            return j((PlainJWT) jwt, securityContext);
        }
        throw new JOSEException("Unexpected JWT object type: " + jwt.getClass());
    }

    public JWTClaimsSet j(PlainJWT plainJWT, SecurityContext securityContext) {
        JOSEObjectTypeVerifier jOSEObjectTypeVerifier = this.f16985a;
        if (jOSEObjectTypeVerifier == null) {
            throw new BadJOSEException("Plain JWT rejected: No JWS header typ (type) verifier is configured");
        }
        jOSEObjectTypeVerifier.a(plainJWT.f().e(), securityContext);
        throw new BadJOSEException("Unsecured (plain) JWTs are rejected, extend class to handle");
    }

    public JWTClaimsSet k(SignedJWT signedJWT, SecurityContext securityContext) {
        JOSEObjectTypeVerifier jOSEObjectTypeVerifier = this.f16985a;
        if (jOSEObjectTypeVerifier == null) {
            throw new BadJOSEException("Signed JWT rejected: No JWS header typ (type) verifier is configured");
        }
        jOSEObjectTypeVerifier.a(signedJWT.h().e(), securityContext);
        if (d() == null && f() == null) {
            throw new BadJOSEException("Signed JWT rejected: No JWS key selector is configured");
        }
        if (e() == null) {
            throw new JOSEException("No JWS verifier is configured");
        }
        JWTClaimsSet a2 = a(signedJWT);
        List m2 = m(signedJWT.h(), a2, securityContext);
        if (m2 == null || m2.isEmpty()) {
            throw new BadJOSEException("Signed JWT rejected: Another algorithm expected, or no matching key(s) found");
        }
        ListIterator listIterator = m2.listIterator();
        while (listIterator.hasNext()) {
            JWSVerifier d2 = e().d(signedJWT.h(), (Key) listIterator.next());
            if (d2 != null) {
                if (signedJWT.m(d2)) {
                    return p(a2, securityContext);
                }
                if (!listIterator.hasNext()) {
                    throw new BadJWSException("Signed JWT rejected: Invalid signature");
                }
            }
        }
        throw new BadJOSEException("JWS object rejected: No matching verifier(s) found");
    }

    public JWTClaimsSet l(String str, SecurityContext securityContext) {
        return i(JWTParser.a(str), securityContext);
    }

    public void n(JWSKeySelector jWSKeySelector) {
        this.f16987c = jWSKeySelector;
    }

    public void o(JWTClaimsSetVerifier jWTClaimsSetVerifier) {
        this.f16992h = jWTClaimsSetVerifier;
    }
}
